<?php
    session_start();
//    echo "Login: ".$_SESSION["userID"]." ".$_SESSION["userType"];
    
    //put your code here
    
    if(isset($_SESSION["userID"]) && !strcmp($_SESSION["userType"], "manager")){
    $productName = $_GET["productName"];
    $categoryID = $_GET["categoryID"];
    $minPrice = $_GET["minPrice"];
    $maxPrice = $_GET["maxPrice"];
    
    $flag = 0;
    
    $con = mysql_connect("localhost", "zhouzhao", "19831022");
    if(!$con){
        die("could not connect to DB: ".mysql_error());
    }

    mysql_selectdb("cloudcom", $con);
    
    $sql = "select * from products";
    
    if(strlen($productName) != 0){
        if($flag == 0){
            $sql = $sql." where productName='$productName'";
            $flag = 1;
        }else{
            $sql = $sql." and productName='$productName'";
        }
    }
    
    if(strlen($categoryID) != 0){
        if($flag == 0){
            $sql = $sql." where categoryID=$categoryID";
            $flag = 1;
        }else{
            $sql = $sql." and categoryID=$categoryID";
        }
    }
    
    if(strlen($minPrice) != 0){
        if($flag == 0){
            $sql = $sql." where productPrice>=$minPrice";
            $flag = 1;
        }else{
            $sql = $sql." and productPrice>=$minPrice";
        }
    }
    
    if(strlen($maxPrice) != 0){
        if($flag == 0){
            $sql = $sql." where productPrice<=$maxPrice";
            $flag = 1;
        }else{
            $sql = $sql." and productPrice<=$maxPrice";
        }
    }
    
    echo "query: $sql";
    $result = mysql_query($sql);
    
    echo "<table border='1' id='productTable'>
            <tr>
                <th>CategoryID</th>
                <th>Product name</th>
                <th>Product description</th>
                <th>Product image</th>
                <th>Product price</th>
            </tr>";
        
    while($row = mysql_fetch_assoc($result)){
        echo "<tr>";
        echo "<td>".$row["categoryID"]."</td>";
        echo "<td>".$row["productName"]."</td>";
        echo "<td>".$row["productDescription"]."</td>";
        echo "<td>".$row["productImage"]."</td>";
        echo "<td>".$row["productPrice"]."</td>";
        echo "</tr>";
    }
    echo "</table>";

    mysql_close($con);
    }else{
        require 'login.html';
    }
?>
